2 files changed, 75 insertions, 22 deletions

diff --git a/test/support/http_request_mock.ex b/test/support/http_request_mock.ex
index 79ab129fd..890a43cc1 100644
--- a/test/support/http_request_mock.ex
+++ b/test/support/http_request_mock.ex
@@ -211,7 +211,7 @@ defmodule HttpRequestMock do
   end
 
   def get(
-        "https://squeet.me/xrd/?uri=lain@squeet.me",
+        "https://squeet.me/xrd/?uri=acct:lain@squeet.me",
         _,
         _,
         Accept: "application/xrd+xml,application/jrd+json"
@@ -850,7 +850,7 @@ defmodule HttpRequestMock do
   end
 
   def get(
-        "https://social.heldscal.la/.well-known/webfinger?resource=shp@social.heldscal.la",
+        "https://social.heldscal.la/.well-known/webfinger?resource=acct:shp@social.heldscal.la",
         _,
         _,
         Accept: "application/xrd+xml,application/jrd+json"
@@ -863,7 +863,7 @@ defmodule HttpRequestMock do
   end
 
   def get(
-        "https://social.heldscal.la/.well-known/webfinger?resource=invalid_content@social.heldscal.la",
+        "https://social.heldscal.la/.well-known/webfinger?resource=acct:invalid_content@social.heldscal.la",
         _,
         _,
         Accept: "application/xrd+xml,application/jrd+json"
@@ -880,7 +880,7 @@ defmodule HttpRequestMock do
   end
 
   def get(
-        "http://framatube.org/main/xrd?uri=framasoft@framatube.org",
+        "http://framatube.org/main/xrd?uri=acct:framasoft@framatube.org",
         _,
         _,
         Accept: "application/xrd+xml,application/jrd+json"
@@ -939,7 +939,7 @@ defmodule HttpRequestMock do
   end
 
   def get(
-        "https://gerzilla.de/xrd/?uri=kaniini@gerzilla.de",
+        "https://gerzilla.de/xrd/?uri=acct:kaniini@gerzilla.de",
         _,
         _,
         Accept: "application/xrd+xml,application/jrd+json"
@@ -1135,7 +1135,7 @@ defmodule HttpRequestMock do
   end
 
   def get(
-        "https://zetsubou.xn--q9jyb4c/.well-known/webfinger?resource=lain@zetsubou.xn--q9jyb4c",
+        "https://zetsubou.xn--q9jyb4c/.well-known/webfinger?resource=acct:lain@zetsubou.xn--q9jyb4c",
         _,
         _,
         Accept: "application/xrd+xml,application/jrd+json"
@@ -1148,7 +1148,7 @@ defmodule HttpRequestMock do
   end
 
   def get(
-        "https://zetsubou.xn--q9jyb4c/.well-known/webfinger?resource=https://zetsubou.xn--q9jyb4c/users/lain",
+        "https://zetsubou.xn--q9jyb4c/.well-known/webfinger?resource=acct:https://zetsubou.xn--q9jyb4c/users/lain",
         _,
         _,
         Accept: "application/xrd+xml,application/jrd+json"
diff --git a/test/web/activity_pub/activity_pub_controller_test.exs b/test/web/activity_pub/activity_pub_controller_test.exs
index b2352538a..c418232da 100644
--- a/test/web/activity_pub/activity_pub_controller_test.exs
+++ b/test/web/activity_pub/activity_pub_controller_test.exs
@@ -652,9 +652,25 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
 
       assert response(conn, 200) =~ announce_activity.data["object"]
     end
+  end
+
+  describe "POST /users/:nickname/outbox (C2S)" do
+    setup do
+      [
+        activity: %{
+          "@context" => "https://www.w3.org/ns/activitystreams",
+          "type" => "Create",
+          "object" => %{"type" => "Note", "content" => "AP C2S test"},
+          "to" => "https://www.w3.org/ns/activitystreams#Public",
+          "cc" => []
+        }
+      ]
+    end
 
-    test "it rejects posts from other users", %{conn: conn} do
-      data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
+    test "it rejects posts from other users / unauthenticated users", %{
+      conn: conn,
+      activity: activity
+    } do
       user = insert(:user)
       otheruser = insert(:user)
 
@@ -662,39 +678,76 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
         conn
         |> assign(:user, otheruser)
         |> put_req_header("content-type", "application/activity+json")
-        |> post("/users/#{user.nickname}/outbox", data)
+        |> post("/users/#{user.nickname}/outbox", activity)
 
       assert json_response(conn, 403)
     end
 
-    test "it inserts an incoming create activity into the database", %{conn: conn} do
-      data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
+    test "it inserts an incoming create activity into the database", %{
+      conn: conn,
+      activity: activity
+    } do
       user = insert(:user)
 
-      conn =
+      result =
         conn
         |> assign(:user, user)
         |> put_req_header("content-type", "application/activity+json")
-        |> post("/users/#{user.nickname}/outbox", data)
-
-      result = json_response(conn, 201)
+        |> post("/users/#{user.nickname}/outbox", activity)
+        |> json_response(201)
 
       assert Activity.get_by_ap_id(result["id"])
+      assert result["object"]
+      assert %Object{data: object} = Object.normalize(result["object"])
+      assert object["content"] == activity["object"]["content"]
     end
 
-    test "it rejects an incoming activity with bogus type", %{conn: conn} do
-      data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
+    test "it rejects anything beyond 'Note' creations", %{conn: conn, activity: activity} do
       user = insert(:user)
 
-      data =
-        data
-        |> Map.put("type", "BadType")
+      activity =
+        activity
+        |> put_in(["object", "type"], "Benis")
+
+      _result =
+        conn
+        |> assign(:user, user)
+        |> put_req_header("content-type", "application/activity+json")
+        |> post("/users/#{user.nickname}/outbox", activity)
+        |> json_response(400)
+    end
+
+    test "it inserts an incoming sensitive activity into the database", %{
+      conn: conn,
+      activity: activity
+    } do
+      user = insert(:user)
+      object = Map.put(activity["object"], "sensitive", true)
+      activity = Map.put(activity, "object", object)
+
+      result =
+        conn
+        |> assign(:user, user)
+        |> put_req_header("content-type", "application/activity+json")
+        |> post("/users/#{user.nickname}/outbox", activity)
+        |> json_response(201)
+
+      assert Activity.get_by_ap_id(result["id"])
+      assert result["object"]
+      assert %Object{data: object} = Object.normalize(result["object"])
+      assert object["sensitive"] == activity["object"]["sensitive"]
+      assert object["content"] == activity["object"]["content"]
+    end
+
+    test "it rejects an incoming activity with bogus type", %{conn: conn, activity: activity} do
+      user = insert(:user)
+      activity = Map.put(activity, "type", "BadType")
 
       conn =
         conn
         |> assign(:user, user)
         |> put_req_header("content-type", "application/activity+json")
-        |> post("/users/#{user.nickname}/outbox", data)
+        |> post("/users/#{user.nickname}/outbox", activity)
 
       assert json_response(conn, 400)
     end